US20060235982A1 - Information appliance and access control method - Google Patents


Publication number
US20060235982A1
Authority
US
United States
Legal status
Granted
Application number
US11/402,963
Other versions
US7600043B2 (en
Inventor
Naozumi Koshino
Current Assignee
Toshiba Corp
Original Assignee
Toshiba Corp
Application filed by Toshiba Corp
Assigned to KABUSHIKI KAISHA TOSHIBA: assignment of assignors interest (see document for details). Assignors: KOSHINO, NAOZUMI
Publication of US20060235982A1
Application granted
Publication of US7600043B2
Expired - Fee Related

Definitions

  • One embodiment of the invention relates to an access control method and in particular to an access control method for controlling an access to content data through a network.
  • flat-screen digital TVs such as a liquid crystal TV and a plasma TV having functions of receiving and playing back satellite BS digital broadcasting and terrestrial digital broadcasting, an HDD-DVD recorder for receiving an analog broadcast program and recording the program in an internal HDD in digital form, and the like are springing into wide use in households.
  • Such a home network is often connected to the Internet through a router, and, depending on the settings of the router, the client may discover an unauthorized server releasing copyrighted content to the Internet and may access the content stored in that server, resulting in an infringement of the copyright.
  • In order to cope with the above circumstance, the server often adopts a method of conducting machine authentication and access control so as to protect against the fraud of releasing copyrighted content to the Internet.
  • A server belonging to the home network that installs the related art described above may have its settings rewritten by unauthorized access from the outside, so that the client in the home is directed to an unauthorized server on the Internet or is caused to make unauthorized access to a server on the Internet.
  • FIG. 1 is a diagram to describe an appearance of a digital TV broadcast receiver incorporating an access control apparatus and an access control method and an example of a network system configured centering on the digital TV broadcast receiver 111;
  • FIG. 2 is an exemplary block diagram to show a main signal processing channel of the digital TV broadcast receiver;
  • FIG. 3 is an exemplary block diagram provided by extracting the connection relationship of a part shown in FIG. 1;
  • FIG. 4 is an exemplary flowchart to show a content playback processing procedure;
  • FIGS. 5A-5D are exemplary flowcharts to show specific access permission determination methods at step S404 of the content playback processing procedure;
  • FIG. 6 is an exemplary drawing to describe a network address part and a host address part of an IP address;
  • FIGS. 7A and 7B are exemplary drawings to show examples of a device list displayed on a video display;
  • FIGS. 8A and 8B are exemplary drawings to describe network address part match/mismatch;
  • FIG. 9 is an exemplary drawing to show an example of a warning displayed on the video display.
  • FIG. 1 schematically shows an appearance of a digital TV broadcast receiver 111 incorporating an access control apparatus (information appliance) and an access control method and an example of a network system configured centering on the digital TV broadcast receiver 111 , described in the embodiment.
  • the digital TV broadcast receiver 111 mainly includes a thin-shaped cabinet 112 and a support bed 113 for supporting the cabinet 112 upright.
  • a flat panel video display 114 implemented as an SED (Surface-conduction Electron-emitter Display) display panel, a liquid crystal display panel, etc., speakers 115 , an operation section 116 , a light reception section 118 for receiving operation information transmitted from a remote control 117 , and the like are installed in the cabinet 112 .
  • a first memory card 119 such as an SD (Secure Digital) memory card, an MMC (Multimedia Card), or a memory stick can be attached to and detached from the digital TV broadcast receiver 111 , and information of a program, a photo, etc., is recorded and is played back on the first memory card 119 .
  • a second memory card (IC card) 120 recording contract information, etc., for example, can be attached to and detached from the digital TV broadcast receiver 111 , and information is recorded and is played back on the second memory card 120 .
  • the digital TV broadcast receiver 111 includes a first LAN (Local Area Network) terminal 121 , a second LAN terminal 122 , a USB (Universal Serial Bus) terminal 123 , and an IEEE1394 terminal 124 .
  • the first LAN terminal 121 which is used as a LAN compatible HDD dedicated port, is used to record and play back information through Ethernet (registered trademark) on a LAN compatible HDD 125 of connected NAS (Network Attached Storage).
  • the first LAN terminal 121 as the LAN compatible HDD dedicated port is provided, whereby information of a program based on HDTV image quality can be stably recorded on the HDD 125 without being affected by any other network environment, the network use situation, etc.
  • the second LAN terminal 122 which is used as a general LAN compatible port using Ethernet (registered trademark), is used to connect machines such as a LAN compatible HDD 127 , a PC (Personal Computer) 128 , and an HDD containing DVD (digital versatile disk) recorder 129 , for example, through a hub 126 for transferring information to and from the machines.
  • the PC 128 is implemented as a UPnP (Universal Plug and Play) compatible device having a function to operate as a content server in the home network and further including service for providing URI (Uniform Resource Identifier) information required for accessing content.
  • a dedicated analog transmission line 130 needs to be provided for the DVD recorder 129 to transfer analog video and audio information to and from the digital TV broadcast receiver 111 because digital information communicated through the second LAN terminal 122 is information of only the control channel.
  • the second LAN terminal 122 is used to connect a network 132 , such as the Internet, through a broadband router 131 connected to the hub 126 for transferring information to and from a PC 133 , a mobile telephone 134 , etc., through the network 132 .
  • the PC 133 is implemented as a UPnP compatible device having a function to operate as a content server and further including service for providing URI information required for accessing content.
  • the USB terminal 123 which is used as a general USB compatible port, is used to connect USB devices such as a mobile telephone 136 , a digital camera 137 , a card reader/writer 138 for a memory card, an HDD 139 , and a keyboard 140 , for example, through a hub 135 for transferring information to and from the USB devices.
  • the IEEE1394 terminal 124 is used to connect an AV-HDD 141 , a D (Digital)-VHS (Video Home System) 142 , etc., for example, in series for transferring information to and from the machines.
  • FIG. 2 shows the main signal processing channel of the digital TV broadcast receiver 111 . That is, a satellite digital TV broadcast signal received at an antenna 243 for receiving BS/CS digital broadcasting is supplied through an input terminal 244 to a satellite digital broadcasting tuner 245 , whereby the broadcast signal of any desired channel is selected.
  • the broadcast signal selected by the tuner 245 is supplied to a PSK (Phase Shift Keying) demodulator 246 and is demodulated into digital video and audio signals, which are then output to a signal processing section 247 .
  • a terrestrial digital TV broadcast signal received at an antenna 248 for receiving terrestrial broadcasting is supplied through an input terminal 249 to a terrestrial digital broadcasting tuner 250 , whereby the broadcast signal of any desired channel is selected.
  • the broadcast signal selected by the tuner 250 is supplied to an OFDM (Orthogonal Frequency Division Multiplexing) demodulator 251 , for example, in Japan and is demodulated into digital video and audio signals, which are then output to the signal processing section 247 .
  • a terrestrial analog TV broadcast signal received at the antenna 248 for receiving terrestrial broadcasting is supplied through the input terminal 249 to a terrestrial analog broadcasting tuner 252 , whereby the broadcast signal of any desired channel is selected.
  • the broadcast signal selected by the tuner 252 is supplied to an analog demodulator 253 and is demodulated into analog video and audio signals, which are then output to the signal processing section 247 .
  • the signal processing section 247 selectively performs predetermined digital signal processing for the digital video and audio signals supplied from the PSK demodulator 246 and the OFDM demodulator 251 , and outputs the signals to a graphic processing section 254 and an audio processing section 255 .
  • a plurality of (four in the figure) input terminals 256a, 256b, 256c, and 256d are connected to the signal processing section 247.
  • the input terminals 256 a to 256 d make it possible to input analog video and audio signals from the outside of the digital TV broadcast receiver 111 .
  • the signal processing section 247 selectively digitizes the analog video and audio signals supplied from the analog demodulator 253 and the input terminals 256 a to 256 d and performs predetermined digital signal processing for the digitized video and audio signals and then outputs the signals to the graphic processing section 254 and the audio processing section 255 .
  • the graphic processing section 254 has a function of superposing an OSD (On Screen Display) signal generated by an OSD signal generation section 257 on the digital video signal supplied from the signal processing section 247 and outputting the resultant signal.
  • the graphic processing section 254 can selectively output the output video signal of the signal processing section 247 and the output OSD signal of the OSD signal generation section 257 and can output both output signals in combination so as to form each a half of a screen.
  • the digital video signal output from the graphic processing section 254 is supplied to a video processing section 258 .
  • the video processing section 258 converts the input digital video signal into an analog video signal in a format that can be displayed on the video display 114 and then outputs the analog video signal to the video display 114 for displaying video and also outputs the signal to the outside through an output terminal 259 .
  • the audio processing section 255 converts the input digital audio signal into an analog audio signal in a format that can be played back in the speakers 115 and then outputs the analog audio signal to the speakers 115 for playing back audio and also outputs the signal to the outside through an output terminal 260 .
  • the control section 261 which contains a CPU (Central Processing Unit), etc., receives operation information from the operation section 116 or receives operation information sent from the remote control 117 through the light reception section 118 and controls the sections so as to reflect the operation description.
  • control section 261 uses mainly ROM (Read-Only Memory) 261 a storing a control program executed by the CPU, RAM (Random Access Memory) 261 b for providing a work area for the CPU, and nonvolatile memory 261 c for storing various pieces of set information, control information, etc.
  • the control section 261 is connected through a card I/F (Interface) 265 to a card holder 266 in which the first memory card 119 can be placed, whereby the control section 261 can transfer information to and from the first memory card 119 placed in the card holder 266 through the card I/F 265.
  • control section 261 is connected through a card I/F 267 to a card holder 268 in which the second memory card 120 can be placed, whereby the control section 261 can transfer information to and from the second memory card 120 placed in the card holder 268 through the card I/F 267 .
  • the control section 261 is connected to the first LAN terminal 121 through a communication I/F 269 , whereby the control section 261 can transfer information to and from the LAN compatible HDD 125 connected to the first LAN terminal 121 through the communication I/F 269 .
  • the control section 261 has a DHCP (Dynamic Host Configuration Protocol) server function and assigns an IP (Internet Protocol) address to the LAN compatible HDD 125 connected to the first LAN terminal 121 for control.
  • control section 261 is connected to the second LAN terminal 122 through a communication I/F 270 , whereby the control section 261 can transfer information to and from the machines connected to the second LAN terminal 122 (see FIG. 1 ) through the communication I/F 270 .
  • the control section 261 is also connected to the USB terminal 123 through a USB I/F 271 , whereby the control section 261 can transfer information to and from the machines connected to the USB terminal 123 (see FIG. 1 ) through the USB I/F 271 .
  • control section 261 is connected to the IEEE1394 terminal 124 through an IEEE1394 I/F 272 , whereby the control section 261 can transfer information to and from the machines connected to the IEEE1394 terminal 124 (see FIG. 1 ) through the IEEE1394 I/F 272 .
  • a registration file describing the storage IDs (each containing IP address and device name) assigned to the HDD 125 , the HDD 127 , the PC 128 , and the DVD recorder 129 at the initial registration time is stored in the HDD 125 .
  • the storage IDs of the HDD 125 , the HDD 127 , the PC 128 , and the DVD recorder 129 are stored in the nonvolatile memory 261 c.
  • the control section 261 provides functions including (1) server finding function 261 d using UPnP, (2) content information acquisition function 261 e using UPnP, and (3) content access control function 261 f.
  • the control section 261 finds a UPnP compatible device on the network using a UPnP discovery function by the server finding function 261 d.
  • the server finding function 261 d finds the PC 128 using the UPnP discovery function.
  • the control section 261 controls a UPnP compatible device using a UPnP control function by the content information acquisition function 261 e and acquires URI information required for accessing the content in the UPnP compatible device.
  • the content information acquisition function 261 e controls the PC 128 and acquires the URI information required for accessing the content stored in the HDD, etc., in the PC 128 from the PC 128 .
  • the control section 261 determines whether or not access to content is permitted by the content access control function 261 f based on the IP address information of the server acquired by the server finding function 261 d, the IP address information obtained from the URI information acquired by the content information acquisition function 261 e, and the IP address and net mask assigned to the second LAN terminal 122 of the digital TV broadcast receiver 111 . If the control section 261 determines that access is permitted, the control section 261 permits content access; if the control section 261 does not determine that access is permitted, the control section 261 displays a message to the effect that access cannot be permitted on the video display 114 as OSD.
  • FIG. 3 is a block diagram provided by extracting the connection relationship of a part of FIG. 1 .
  • the access control apparatus and the access control method of the invention will be discussed with reference to FIG. 3.
  • the PC 133 is connected to the digital TV broadcast receiver 111 through the broadband router 131 and the network 132 as shown in FIG. 3 .
  • the PC 133 is implemented as a UPnP compatible device having the function to operate as a content server and further including the service for providing URI information required for accessing content.
  • If the network 132 is the Internet, the components up to the broadband router 131 are usually installed in the home, and the network 132 and the PC 133 are installed outside the home.
  • The broadband router 131 is set so that machine search traffic, using the SSDP (Simple Service Discovery Protocol) network detection protocol used in a machine's network entry message or the UPnP discovery function, is allowed to pass through in both directions: from the network 132 (the Internet, etc.) to the home network configured centering on the hub 126, and from that home network to the network 132.
  • the control section 261 of the digital TV broadcast receiver 111 executes a content playback processing procedure shown in FIG. 4 in accordance with user operation.
  • the control section 261 searches for a UPnP compatible device on the network using the server finding function 261 d and displays the search result on the video display 114 (step S 401 ).
  • the two machines of the PC 128 disposed in the home network and the PC 133 disposed outside the home network are displayed as content servers on the video display 114 , for example, as shown in FIG. 7A .
  • Information indicating the server type of content server may be added for display, for example, as shown in FIG. 7B.
  • the three types of UPnP, NAS (Network Attached Storage), and IEEE1394 are displayed. Accordingly, the user can know the type of content server.
  • the digital TV broadcast receiver 111 is assigned 192.168.1.11 as the IP address and 255.255.255.0 as the net mask.
  • PC 128 is assigned 192.168.1.12 as the IP address and PC-A as the device name of the UPnP compatible device.
  • PC 133 is assigned 61.12.13.14 as the IP address and PC-B as the device name of the UPnP compatible device.
  • the control section 261 controls the UPnP compatible device on the network using the content information acquisition function 261e and acquires the URI information required for accessing the content (step S402).
  • the control section 261 acquires the IP address information contained in the URI acquired at step S402, which will be hereinafter referred to as the content IP address (step S403).
  • the control section 261 determines whether or not access is permitted based on the IP address information of the server, the content IP address, and the IP address and the net mask assigned to the LAN terminal 122 of the digital TV broadcast receiver 111 (step S404).
  • the control section 261 references the access permission determination result at step S404 (step S405) and actually accesses the content (step S406) if access is permitted. If access is not permitted, a warning is displayed on the video display 114, for example, as shown in FIG. 9, and the content is not accessed (step S407).
  • The "network address part" refers to the portion of the bit string forming the IP address that is used to identify the network (subnet) managed by each organization. For example, if the IP address is "192.168.1.12" and the net mask is "255.255.255.0" as shown in FIG. 6, the high-order 24-bit portion becomes the network address part and the low-order eight-bit portion becomes the host address part.
  • In the first access permission determination method, a comparison is made between the network address part of the content IP address and that of the IP address of the digital TV broadcast receiver 111 (client) (step S404a1), for example, as shown in FIG. 5A. If they match as shown in FIG. 8A, it is determined that access is permitted; if they do not match as shown in FIG. 8B, it is determined that access is not permitted.
  • In the second access permission determination method, a comparison is made between the network address part of the content IP address and that of the IP address of the digital TV broadcast receiver 111 (client) (step S404b1). If they match, whether or not the content IP address is a private IP address of class A, B, or C is further determined (step S404b2). If the content IP address is a private IP address of class A, B, or C, it is determined that access is permitted; otherwise, it is determined that access is not permitted.
  • Step S404b2 is added, whereby access to a content server on the Internet can be prevented reliably.
  • In the third access permission determination method, a comparison is made between the network address part of the content IP address and that of the IP address of the digital TV broadcast receiver 111 (client) (step S404c1). If they match, whether or not the IP address of the server matches the content IP address is further determined (step S404c2). If they match, it is determined that access is permitted; if they do not match, it is determined that access is not permitted.
  • With the third access permission determination method, it can be confirmed that the content server for providing content information and the server for actually providing content match.
  • In the fourth access permission determination method, a comparison is made between the network address part of the content IP address and that of the IP address of the digital TV broadcast receiver 111 (client) (step S404d1). If they match, whether or not the content IP address is a private IP address of class A, B, or C is further determined (step S404d2). If the content IP address is a private IP address of class A, B, or C, whether or not the IP address of the server matches the content IP address is further determined (step S404d3). If they match, it is determined that access is permitted; if they do not match, it is determined that access is not permitted.
  • each class can take the following values, the address ranges are previously stored in memory, etc., and a comparison is made, whereby whether or not each address is in any of the address ranges can be determined:
  • As for the PC 128, the content IP address and the network address part match as shown in FIG. 8A and thus the content can be accessed; as for the PC 133, the content IP address and the network address part do not match as shown in FIG. 8B and thus a warning is displayed on the video display 114, as shown in FIG. 9.
  • Suppose the content information providing module of the PC 128 is rewritten by unauthorized access, and URI information that directs the client to a content server other than the PC 128 is provided to the digital TV broadcast receiver 111.
  • If the content server belongs to the network 132 such as the Internet and any of the access permission determination methods shown in FIG. 5A to FIG. 5D is adopted at step S404 in accordance with the playback processing procedure shown in FIG. 4, the content IP address and the network address part do not match at step S404a1, S404b1, S404c1, or S404d1, and therefore access is not executed and a warning is displayed as shown in FIG. 9 at step S407.
  • Even if the content server belongs to the local side of the broadband router 131, if the access permission determination method shown in FIG. 5C or FIG. 5D is adopted at step S404, it is determined that access is not permitted in the match determination between the content IP address and the IP address of the server at step S404c2 or S404d3, and a warning is displayed as shown in FIG. 9 at step S407.
  • If the broadband router 131 operates as a hub and a global IP address is assigned to the LAN terminal 122 of the digital TV broadcast receiver 111 for direct connection to the Internet, a content server can be found, but if the access permission determination method shown in FIG. 5B or FIG. 5D is adopted at step S404 at the content access time, it is determined that access is not permitted in the private IP address determination at step S404b2 or S404d2, and a warning is displayed as shown in FIG. 9 at step S407.
  • a client in the home such as the digital TV broadcast receiver 111 can be prevented from accessing copyrighted content stored in a content server such as the PC 133 on the network 132 such as the Internet and infringing the copyright.
  • a content server in the home such as the PC 128 induces a client to accessing a server on the Internet or another server in the home, for example, for the purpose of DoS (Denial of Services) because the content server undergoes unauthorized access or becomes virus-infected, the action can be prevented effectively.
  • DoS Delivery of Services
  • the client in a home network environment connected to the Internet through a router, if an unauthorized server releasing copyrighted content to the Internet exists, the client (information appliance) belonging to the home network can be prevented from accessing the content and infringing the copyright.
  • the client belonging to the home network can be prevented from being induced to a server on the Internet.
  • the present invention relating to the apparatus also holds as the present invention relating to a method and the invention relating to the method also holds as the present invention relating to the apparatus.
  • the present invention relating to the apparatus or the method also holds as a program for causing a computer to execute a procedure essential to the invention (or causing a computer to function as respective units or causing a computer to provide functions served by the respective units) and also holds as a computer-readable record medium recording the program.
  • an information appliance and an access control method that prevents, under circumstance where an unauthorized server other than the server installing the related art described above exists on the Internet, a home client from accessing the unauthorized server and infringing the copyright even if a server belonging to the home network has settings rewritten illegally.

Abstract

An information appliance accesses content stored in a content server through a computer network. The information appliance includes: a first IP address information acquisition unit that acquires URI information of the content from the content server and extracts first IP address information contained in the URI information; a second IP address information acquisition unit that acquires a second IP address assigned to the information appliance; a determination unit that determines whether or not a network address part of the first IP address matches a network address part of the second IP address; and a control unit that permits accessing the content server when it is determined that the network address parts of the first and the second IP addresses match, and denies accessing the content server when determined otherwise.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is based upon and claims the benefit of priority from Japanese Patent Application No. 2005-118598, filed on Apr. 15, 2005, the entire contents of which are incorporated herein by reference.
  • BACKGROUND
  • 1. Field
  • One embodiment of the invention relates to an access control method and in particular to an access control method for controlling an access to content data through a network.
  • 2. Description of the Related Art
  • As known, the digitization of household electrical appliances has moved forward in recent years.
  • For example, in Japan, flat-screen digital TVs such as a liquid crystal TV and a plasma TV having functions of receiving and playing back satellite BS digital broadcasting and terrestrial digital broadcasting, an HDD-DVD recorder for receiving an analog broadcast program and recording the program in an internal HDD in digital form, and the like are springing into wide use in households.
  • Many of the digital household electrical appliances have a network connection function. It is imagined that in the future, for example, a content display such as a digital TV will operate as a client and the user will be able to easily enjoy content without moving to the place where the content physically exists by accessing the content stored in an HDD-DVD recorder having a server function in another room through a home network.
  • However, generally such a home network often is connected to the Internet through a router and the client may find out an unauthorized server releasing copyrighted content to the Internet and may access the content stored in the server depending on the settings of the router, resulting in an infringement of the copyright.
  • In order to cope with the above circumstance, generally the server often adopts a method of conducting machine authentication and access control so as to protect against the fraud of releasing copyrighted content to the Internet.
  • For example, a method of using the MAC address of the client as identification information and managing the identification information by the server, thereby restricting access to content from a client outside the home is known. (For example, refer to JP-A-2004-343497 (publication number of the corresponding European patent application is EP1517480A1))
  • A method of determining whether the client is in or outside the home based on whether or not access to the same physical medium within a short time can be shared as the determination criterion is also known. (For example, refer to JP-A-2004-334756 (publication number of the corresponding European patent application is EP1536344A1))
  • However, in the related art described above, if an unauthorized server other than the server installing the related art described above exists on the Internet, there is a possibility that the client in the home may access the unauthorized server.
  • There is also a possibility that the server belonging to the home network installing the related art described above may have settings rewritten by unauthorized access from the outside so that the client in the home is induced to an unauthorized server on the Internet or is caused to make unauthorized access to a server on the Internet.
  • BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
  • A general architecture that implements the various features of the invention will now be described with reference to the drawings. The drawings and the associated descriptions are provided to illustrate embodiments of the invention and not to limit the scope of the invention.
  • FIG. 1 is a diagram to describe an appearance of a digital TV broadcast receiver incorporating an access control apparatus and an access control method and an example of a network system configured centering on the digital TV broadcast receiver 111;
  • FIG. 2 is an exemplary block diagram to show a main signal processing channel of the digital TV broadcast receiver;
  • FIG. 3 is an exemplary block diagram provided by extracting the connection relationship of a part shown in FIG. 1;
  • FIG. 4 is an exemplary flowchart to show a content playback processing procedure;
  • FIGS. 5A-5D are exemplary flowcharts to show specific access permission determination methods at step S404 of the content playback processing procedure;
  • FIG. 6 is an exemplary drawing to describe a network address part and a host address part of an IP address;
  • FIGS. 7A and 7B are exemplary drawings to show examples of device list displayed on a video display;
  • FIGS. 8A and 8B are exemplary drawings to describe network address part match/mismatch; and
  • FIG. 9 is an exemplary drawing to show an example of a warning displayed on the video display.
  • DETAILED DESCRIPTION
  • Various embodiments according to the invention will be described hereinafter with reference to the accompanying drawings.
  • FIG. 1 schematically shows an appearance of a digital TV broadcast receiver 111 incorporating an access control apparatus (information appliance) and an access control method and an example of a network system configured centering on the digital TV broadcast receiver 111, described in the embodiment.
  • The digital TV broadcast receiver 111 mainly includes a thin-shaped cabinet 112 and a support bed 113 for supporting the cabinet 112 upright. For example, a flat panel video display 114 implemented as an SED (Surface-conduction Electron-emitter Display) display panel, a liquid crystal display panel, etc., speakers 115, an operation section 116, a light reception section 118 for receiving operation information transmitted from a remote control 117, and the like are installed in the cabinet 112.
  • For example, a first memory card 119 such as an SD (Secure Digital) memory card, an MMC (Multimedia Card), or a memory stick can be attached to and detached from the digital TV broadcast receiver 111, and information of a program, a photo, etc., is recorded and is played back on the first memory card 119.
  • Further, a second memory card (IC card) 120 recording contract information, etc., for example, can be attached to and detached from the digital TV broadcast receiver 111, and information is recorded and is played back on the second memory card 120.
  • The digital TV broadcast receiver 111 includes a first LAN (Local Area Network) terminal 121, a second LAN terminal 122, a USB (Universal Serial Bus) terminal 123, and an IEEE1394 terminal 124.
  • The first LAN terminal 121, which is used as a LAN compatible HDD dedicated port, is used to record and play back information through Ethernet (registered trademark) on a LAN compatible HDD 125 of connected NAS (Network Attached Storage).
  • Thus, the first LAN terminal 121 as the LAN compatible HDD dedicated port is provided, whereby information of a program based on HDTV image quality can be stably recorded on the HDD 125 without being affected by any other network environment, the network use situation, etc.
  • The second LAN terminal 122, which is used as a general LAN compatible port using Ethernet (registered trademark), is used to connect machines such as a LAN compatible HDD 127, a PC (Personal Computer) 128, and an HDD containing DVD (digital versatile disk) recorder 129, for example, through a hub 126 for transferring information to and from the machines.
  • The PC 128 is implemented as a UPnP (Universal Plug and Play) compatible device having a function to operate as a content server in the home network and further including service for providing URI (Uniform Resource Identifier) information required for accessing content.
  • A dedicated analog transmission line 130 needs to be provided for the DVD recorder 129 to transfer analog video and audio information to and from the digital TV broadcast receiver 111 because digital information communicated through the second LAN terminal 122 is information of only the control channel.
  • Further, the second LAN terminal 122 is used to connect a network 132, such as the Internet, through a broadband router 131 connected to the hub 126 for transferring information to and from a PC 133, a mobile telephone 134, etc., through the network 132.
  • The PC 133 is implemented as a UPnP compatible device having a function to operate as a content server and further including service for providing URI information required for accessing content.
  • The USB terminal 123, which is used as a general USB compatible port, is used to connect USB devices such as a mobile telephone 136, a digital camera 137, a card reader/writer 138 for a memory card, an HDD 139, and a keyboard 140, for example, through a hub 135 for transferring information to and from the USB devices.
  • Further, the IEEE1394 terminal 124 is used to connect an AV-HDD 141, a D (Digital)-VHS (Video Home System) 142, etc., for example, in series for transferring information to and from the machines.
  • FIG. 2 shows the main signal processing channel of the digital TV broadcast receiver 111. That is, a satellite digital TV broadcast signal received at an antenna 243 for receiving BS/CS digital broadcasting is supplied through an input terminal 244 to a satellite digital broadcasting tuner 245, whereby the broadcast signal of any desired channel is selected.
  • The broadcast signal selected by the tuner 245 is supplied to a PSK (Phase Shift Keying) demodulator 246 and is demodulated into digital video and audio signals, which are then output to a signal processing section 247.
  • A terrestrial digital TV broadcast signal received at an antenna 248 for receiving terrestrial broadcasting is supplied through an input terminal 249 to a terrestrial digital broadcasting tuner 250, whereby the broadcast signal of any desired channel is selected.
  • The broadcast signal selected by the tuner 250 is supplied to an OFDM (Orthogonal Frequency Division Multiplexing) demodulator 251, for example, in Japan and is demodulated into digital video and audio signals, which are then output to the signal processing section 247.
  • A terrestrial analog TV broadcast signal received at the antenna 248 for receiving terrestrial broadcasting is supplied through the input terminal 249 to a terrestrial analog broadcasting tuner 252, whereby the broadcast signal of any desired channel is selected. The broadcast signal selected by the tuner 252 is supplied to an analog demodulator 253 and is demodulated into analog video and audio signals, which are then output to the signal processing section 247.
  • The signal processing section 247 selectively performs predetermined digital signal processing for the digital video and audio signals supplied from the PSK demodulator 246 and the OFDM demodulator 251, and outputs the signals to a graphic processing section 254 and an audio processing section 255.
  • A plurality of (four in the figure) input terminals 256a, 256b, 256c, and 256d are connected to the signal processing section 247. The input terminals 256a to 256d make it possible to input analog video and audio signals from the outside of the digital TV broadcast receiver 111.
  • The signal processing section 247 selectively digitizes the analog video and audio signals supplied from the analog demodulator 253 and the input terminals 256a to 256d and performs predetermined digital signal processing for the digitized video and audio signals and then outputs the signals to the graphic processing section 254 and the audio processing section 255.
  • The graphic processing section 254 has a function of superposing an OSD (On Screen Display) signal generated by an OSD signal generation section 257 on the digital video signal supplied from the signal processing section 247 and outputting the resultant signal. The graphic processing section 254 can selectively output the output video signal of the signal processing section 247 and the output OSD signal of the OSD signal generation section 257 and can output both output signals in combination so that each forms half of a screen.
  • The digital video signal output from the graphic processing section 254 is supplied to a video processing section 258. The video processing section 258 converts the input digital video signal into an analog video signal in a format that can be displayed on the video display 114 and then outputs the analog video signal to the video display 114 for displaying video and also outputs the signal to the outside through an output terminal 259.
  • The audio processing section 255 converts the input digital audio signal into an analog audio signal in a format that can be played back in the speakers 115 and then outputs the analog audio signal to the speakers 115 for playing back audio and also outputs the signal to the outside through an output terminal 260.
  • All operation of the digital TV broadcast receiver 111 including the various types of reception operation described above is controlled by a control section 261. The control section 261, which contains a CPU (Central Processing Unit), etc., receives operation information from the operation section 116 or receives operation information sent from the remote control 117 through the light reception section 118 and controls the sections so as to reflect the operation description.
  • In this case, the control section 261 uses mainly ROM (Read-Only Memory) 261a storing a control program executed by the CPU, RAM (Random Access Memory) 261b for providing a work area for the CPU, and nonvolatile memory 261c for storing various pieces of set information, control information, etc.
  • The control section 261 is connected through a card I/F (Interface) 265 to a card holder 266 in which the first memory card 119 can be placed, whereby the control section 261 can transfer information to and from the first memory card 119 placed in the card holder 266 through the card I/F 265.
  • Further, the control section 261 is connected through a card I/F 267 to a card holder 268 in which the second memory card 120 can be placed, whereby the control section 261 can transfer information to and from the second memory card 120 placed in the card holder 268 through the card I/F 267.
  • The control section 261 is connected to the first LAN terminal 121 through a communication I/F 269, whereby the control section 261 can transfer information to and from the LAN compatible HDD 125 connected to the first LAN terminal 121 through the communication I/F 269. In this case, the control section 261 has a DHCP (Dynamic Host Configuration Protocol) server function and assigns an IP (Internet Protocol) address to the LAN compatible HDD 125 connected to the first LAN terminal 121 for control.
  • Further, the control section 261 is connected to the second LAN terminal 122 through a communication I/F 270, whereby the control section 261 can transfer information to and from the machines connected to the second LAN terminal 122 (see FIG. 1) through the communication I/F 270.
  • The control section 261 is also connected to the USB terminal 123 through a USB I/F 271, whereby the control section 261 can transfer information to and from the machines connected to the USB terminal 123 (see FIG. 1) through the USB I/F 271.
  • Further, the control section 261 is connected to the IEEE1394 terminal 124 through an IEEE1394 I/F 272, whereby the control section 261 can transfer information to and from the machines connected to the IEEE1394 terminal 124 (see FIG. 1) through the IEEE1394 I/F 272.
  • In the embodiment, a registration file describing the storage IDs (each containing IP address and device name) assigned to the HDD 125, the HDD 127, the PC 128, and the DVD recorder 129 at the initial registration time is stored in the HDD 125.
  • The storage IDs of the HDD 125, the HDD 127, the PC 128, and the DVD recorder 129 are stored in the nonvolatile memory 261c.
  • The control section 261 provides functions including (1) server finding function 261d using UPnP, (2) content information acquisition function 261e using UPnP, and (3) content access control function 261f.
  • (1) The control section 261 finds a UPnP compatible device on the network using a UPnP discovery function by the server finding function 261d. For example, the server finding function 261d finds the PC 128 using the UPnP discovery function.
  • (2) The control section 261 controls a UPnP compatible device using a UPnP control function by the content information acquisition function 261e and acquires URI information required for accessing the content in the UPnP compatible device. For example, the content information acquisition function 261e controls the PC 128 and acquires the URI information required for accessing the content stored in the HDD, etc., in the PC 128 from the PC 128.
  • (3) The control section 261 determines whether or not access to content is permitted by the content access control function 261f based on the IP address information of the server acquired by the server finding function 261d, the IP address information obtained from the URI information acquired by the content information acquisition function 261e, and the IP address and net mask assigned to the second LAN terminal 122 of the digital TV broadcast receiver 111. If the control section 261 determines that access is permitted, the control section 261 permits content access; if the control section 261 does not determine that access is permitted, the control section 261 displays a message to the effect that access cannot be permitted on the video display 114 as OSD.
  • Next, the processing operation in the configuration described above is as follows.
  • FIG. 3 is a block diagram provided by extracting the connection relationship of a part of FIG. 1. The access control apparatus and the access control method of the invention will be discussed with FIG. 3.
  • It is assumed that the PC 133 is connected to the digital TV broadcast receiver 111 through the broadband router 131 and the network 132 as shown in FIG. 3. The PC 133 is implemented as a UPnP compatible device having the function to operate as a content server and further including the service for providing URI information required for accessing content.
  • If the network 132 is the Internet, usually the components to the broadband router 131 are installed in the home and the network 132 and the PC 133 are installed outside the home.
  • If the broadband router 131 is set so as to allow machine search using SSDP (Simple Service Discovery Protocol), the network detection protocol used in the network entry message of a machine, or the UPnP discovery function to pass through in either direction, that is, both from the network 132 such as the Internet to the home network configured centering on the hub 126 and from that home network to the network 132, the control section 261 of the digital TV broadcast receiver 111 executes the content playback processing procedure shown in FIG. 4 in accordance with user operation.
  • In FIG. 4, the control section 261 searches for a UPnP compatible device on the network using the server finding function 261d and displays the search result on the video display 114 (step S401). In the network configuration shown in FIG. 3, the two machines of the PC 128 disposed in the home network and the PC 133 disposed outside the home network are displayed as content servers on the video display 114, for example, as shown in FIG. 7A.
  • Information indicating the server type of content server may be added for display, for example, as shown in FIG. 7B. In the example in FIG. 7B, the three types of UPnP, NAS (Network Attached Storage), and IEEE1394 (when D-VHS, etc., is assumed to be a server) are displayed. Accordingly, the user can know the type of content server.
  • It is assumed that the digital TV broadcast receiver 111 is assigned 192.168.1.11 as the IP address and 255.255.255.0 as the net mask.
  • It is assumed that the PC 128 is assigned 192.168.1.12 as the IP address and PC-A as the device name of the UPnP compatible device.
  • It is assumed that the PC 133 is assigned 61.12.13.14 as the IP address and PC-B as the device name of the UPnP compatible device.
  • In this state, if the user enters a playback command of content stored in the HDD, etc., in the PC 133, the control section 261 controls the UPnP compatible device on the network using the content information acquisition function 261e and acquires the URI information required for accessing the content (step S402).
  • Next, the control section 261 acquires the IP address information contained in the URI acquired at step S402, which will be hereinafter referred to as the content IP address (step S403).
  • Next, the control section 261 determines whether or not access is permitted based on the IP address information of the server, the content IP address, and the IP address and the net mask assigned to the LAN terminal 122 of the digital TV broadcast receiver 111 (step S404).
  • Next, the control section 261 references the access permission determination result at step S404 (step S405) and actually accesses the content (step S406) if access is permitted. If access is not permitted, a warning is displayed on the video display 114, for example, as shown in FIG. 9 and the content is not accessed (step S407).
  • In the specification, “network address part” refers to the portion of the bit string forming the IP address used to identify the network (subnet) managed by each organization. For example, if the IP address is “192.168.1.12” and the net mask is “255.255.255.0” as shown in FIG. 6, the high-order 24-bit portion becomes the network address part and the low-order eight-bit portion becomes the host address part.
  • Specific examples of the access permission determination method at step S404 will be discussed in detail with FIGS. 5A-5D.
  • First Access Permission Determination Method
  • As a first access permission determination method, a comparison is made between the network address part of the content IP address and the network address part of the IP address of the digital TV broadcast receiver 111 (client) (step S404a1), for example, as shown in FIG. 5A. If they match as shown in FIG. 8A, it is determined that access is permitted; if they do not match as shown in FIG. 8B, it is determined that access is not permitted.
  • In FIG. 8A, since the subnet mask is “255.255.255.0,” if a comparison is made between the high-order 24-bit portion of one and that of the other, they match because each is “192.168.1” and therefore access is permitted. In contrast, in FIG. 8B, if a comparison is made between the high-order 24-bit portion of one and that of the other, they do not match because one is “192.168.1” and the other is “61.12.13” and therefore access is not permitted.
  • Second Access Permission Determination Method
  • As a second access permission determination method, for example, as shown in FIG. 5B, a comparison is made between the network address part of the content IP address and the network address part of the IP address of the digital TV broadcast receiver 111 (client) (step S404b1). If they match, whether or not the content IP address is a private IP address of class A, B, or C is further determined (step S404b2). If the content IP address is a private IP address of class A, B, or C, it is determined that access is permitted; otherwise, it is determined that access is not permitted.
  • Step S404b2 is added, whereby access to a content server on the Internet can be prevented reliably.
  • Third Access Permission Determination Method
  • As a third access permission determination method, for example, as shown in FIG. 5C, a comparison is made between the network address part of the content IP address and the network address part of the IP address of the digital TV broadcast receiver 111 (client) (step S404c1). If they match, whether or not the IP address of the server matches the content IP address is further determined (step S404c2). If they match, it is determined that access is permitted; if they do not match, it is determined that access is not permitted.
  • According to the third access permission determination method, it can be confirmed that the content server for providing content information and the server for actually providing content match.
  • Fourth Access Permission Determination Method
  • As a fourth access permission determination method, for example, as shown in FIG. 5D, a comparison is made between the network address part of the content IP address and the network address part of the IP address of the digital TV broadcast receiver 111 (client) (step S404d1). If they match, whether or not the content IP address is a private IP address of class A, B, or C is further determined (step S404d2). If the content IP address is a private IP address of class A, B, or C, whether or not the IP address of the server matches the content IP address is further determined (step S404d3). If they match, it is determined that access is permitted; if they do not match, it is determined that access is not permitted.
  • Since each class can take the following values, the address ranges are previously stored in memory, etc., and a comparison is made, whereby whether or not each address is in any of the address ranges can be determined:
      • Class A: 10.0.0.0 to 10.255.255.255
      • Class B: 172.16.0.0 to 172.31.255.255
      • Class C: 192.168.0.0 to 192.168.255.255
  • In the network configuration described above, as for the PC 128, the content IP address and the network address part match as shown in FIG. 8A and thus the content can be accessed; as for the PC 133, the content IP address and the network address part do not match as shown in FIG. 8B and thus a warning is displayed on the video display 114, as shown in FIG. 9.
  • In the network configuration described above, suppose, for example, that the content information providing module of the PC 128 is rewritten by unauthorized access and that URI information inducing the client to a content server other than the PC 128 is provided to the digital TV broadcast receiver 111. When that content server belongs to the network 132 such as the Internet, if any of the access permission determination methods shown in FIG. 5A to FIG. 5D is adopted at step S404 in accordance with the playback processing procedure shown in FIG. 4, the content IP address and the network address part do not match at step S404a1, S404b1, S404c1, or S404d1, and therefore access is not executed and a warning is displayed as shown in FIG. 9 at step S407.
  • Even if the content server belongs to the local side of the broadband router 131, if the access permission determination method shown in FIG. 5C or FIG. 5D is adopted at step S404, it is determined that access is not permitted in the match determination between the content IP address and the IP address of the server at step S404c2 or S404d3 and a warning is displayed as shown in FIG. 9 at step S407.
  • In the network configuration described above, for example, if the broadband router 131 operates as a hub and a global IP address is assigned to the LAN terminal 122 of the digital TV broadcast receiver 111 for direct connection to the Internet, the content server can be found, but if the access permission determination method shown in FIG. 5B or FIG. 5D is adopted at step S404 at the content access time, it is determined that access is not permitted in the private IP address determination at step S404b2 or S404d2 and a warning is displayed as shown in FIG. 9 at step S407.
  • Accordingly, a client in the home such as the digital TV broadcast receiver 111 can be prevented from accessing copyrighted content stored in a content server such as the PC 133 on the network 132 such as the Internet and infringing the copyright.
  • If a content server in the home such as the PC 128 induces a client to access a server on the Internet or another server in the home, for example, for the purpose of DoS (Denial of Service), because the content server has undergone unauthorized access or has become virus-infected, the action can be prevented effectively.
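The four determination methods of FIGS. 5A-5D and the scenarios discussed above can be run side by side. The following Python sketch is an added example, not code from the patent; the URI ports and paths, the extra local host 192.168.1.13, the global client address 61.12.13.20, and the rule of denying URIs whose host is not an IPv4 literal are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Private ranges exactly as listed in the description (class A, B, C).
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]


def content_ip_from_uri(uri):
    """Step S403: return the IPv4 address contained in the content URI.

    Returns None when the host is missing or is not an IPv4 literal.
    Denying in that case is an assumption of this sketch; the description
    only covers URIs that carry an IP address.
    """
    try:
        host = urlsplit(uri).hostname
        return ipaddress.IPv4Address(host) if host else None
    except ValueError:  # malformed URI, host name, or IPv6 literal
        return None


def same_network_part(content_ip, client_ip, netmask):
    """Steps S404a1/b1/c1/d1: compare the network address parts."""
    client_net = ipaddress.IPv4Network(f"{client_ip}/{netmask}", strict=False)
    return content_ip in client_net


def is_listed_private(ip):
    """Steps S404b2/d2: is the address inside one of the stored ranges?"""
    return any(ip in net for net in PRIVATE_RANGES)


def access_permitted(method, content_uri, server_ip, client_ip, netmask):
    """Step S404 using the method of FIG. 5A, 5B, 5C or 5D ("A".."D").

    server_ip is the address learned at discovery (step S401).
    True means access the content (S406); False means show the warning (S407).
    """
    if method not in ("A", "B", "C", "D"):
        raise ValueError("method must be one of A, B, C, D")
    content_ip = content_ip_from_uri(content_uri)
    if content_ip is None:
        return False
    if not same_network_part(content_ip, client_ip, netmask):
        return False
    if method in ("B", "D") and not is_listed_private(content_ip):
        return False
    if method in ("C", "D") and content_ip != ipaddress.IPv4Address(server_ip):
        return False
    return True


HOME = ("192.168.1.11", "255.255.255.0")  # receiver 111, from the description

# name: (content URI, discovered server IP, client IP, net mask)
# Addresses of PC-A / PC-B are from the description; the rest is constructed.
SCENARIOS = {
    "pc_a_own_content": ("http://192.168.1.12:8080/v/1", "192.168.1.12", *HOME),
    "pc_b_own_content": ("http://61.12.13.14:8080/v/1", "61.12.13.14", *HOME),
    "pc_a_rewritten_to_internet": ("http://61.12.13.14:8080/v/1", "192.168.1.12", *HOME),
    "pc_a_rewritten_to_local_host": ("http://192.168.1.13:8080/v/1", "192.168.1.12", *HOME),
    "client_has_global_address": ("http://61.12.13.14:8080/v/1", "61.12.13.14",
                                  "61.12.13.20", "255.255.255.0"),
    "uri_with_host_name": ("http://pc-a.local/v/1", "192.168.1.12", *HOME),
}


def evaluate_scenarios():
    """Return {scenario: {method: permitted}} for all four methods."""
    return {
        name: {m: access_permitted(m, *args) for m in "ABCD"}
        for name, args in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, verdicts in evaluate_scenarios().items():
        row = " ".join(f"{m}={'permit' if ok else 'deny'}" for m, ok in verdicts.items())
        print(f"{name:30s} {row}")
```

The rewritten-to-local-host and global-address rows show why the methods differ: only the server match of FIG. 5C/5D catches a redirect inside the home subnet, and only the private-range test of FIG. 5B/5D denies access when the client itself holds a global address.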
  • As described above with reference to the embodiment, in a home network environment connected to the Internet through a router, if an unauthorized server releasing copyrighted content to the Internet exists, the client (information appliance) belonging to the home network can be prevented from accessing the content and infringing the copyright.
  • If the setting of the server belonging to the home network is rewritten illegally, the client belonging to the home network can be prevented from being induced to a server on the Internet.
  • The present invention relating to the apparatus also holds as the present invention relating to a method and the invention relating to the method also holds as the present invention relating to the apparatus.
  • The present invention relating to the apparatus or the method also holds as a program for causing a computer to execute a procedure essential to the invention (or causing a computer to function as respective units or causing a computer to provide functions served by the respective units) and also holds as a computer-readable record medium recording the program.
  • According to the present invention, there is provided an information appliance and an access control method that prevent, under circumstances where an unauthorized server other than the server installing the related art described above exists on the Internet, a home client from accessing the unauthorized server and infringing the copyright even if a server belonging to the home network has settings rewritten illegally.
  • There is also provided a content access control method, if an unauthorized server other than the server installing the related art described above exists on the Internet, for preventing unauthorized access to a normal server for causing a fault to occur.
  • It is to be understood that the invention is not limited to the specific embodiment described above and that the invention can be embodied with the components modified without departing from the spirit and scope of the invention. The invention can be embodied in various forms according to appropriate combinations of the components disclosed in the embodiment described above. For example, some components may be deleted from all components shown in the embodiment. Further, the components in different embodiments may be used appropriately in combination.
  • While certain embodiments of the inventions have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions. Indeed, the novel methods and systems described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the methods and systems described herein may be made without departing from the spirit of the inventions. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the inventions.

Claims (10)

1. An information appliance that accesses content stored in a content server through a computer network, the information appliance comprising:
a first IP address information acquisition unit that acquires URI information of the content from the content server and extracts first IP address information contained in the URI information;
a second IP address information acquisition unit that acquires a second IP address assigned to the information appliance;
a determination unit that determines whether or not a network address part of the first IP address matches with a network address part of the second IP address; and
a control unit that permits accessing the content server when determined that the network address parts of the first and the second IP address matches, and denies accessing the content server when determined otherwise.
2. The information appliance according to claim 1, further comprising a private IP address determination unit that determines whether or not the first IP address is a private IP address of class A, B, or C,
wherein the control unit permits accessing the content server when determined that the first IP address is a private IP address of class A, B, or C, and denies accessing the content server when determined otherwise.
3. The information appliance according to claim 1, further comprising:
a third IP address information acquisition unit that acquires a third IP address assigned to the content server; and
an IP address determination unit that determines whether or not the third IP address matches with the first IP address,
wherein the control unit permits accessing the content server when determined that the third IP address matches with the first IP address, and denies accessing the content server when determined otherwise.
4. The information appliance according to claim 1, further comprising:
a content reception unit that receives content stored in the content server;
a signal processing unit that performs signal processing to display the content received by the content reception unit; and
a display unit that displays the content.
5. The information appliance according to claim 4, wherein when the control unit denies accessing the content server, the control unit controls the display unit to display an image indicating that the access to the content is denied.
6. An access control method for an information appliance that accesses content stored in a content server through a computer network, the access control method comprising:
acquiring URI information of the content from the content server;
extracting first IP address information contained in the URI information;
acquiring a second IP address assigned to the information appliance;
determining whether or not a network address part of the first IP address matches with a network address part of the second IP address; and
controlling to permit accessing the content server when determined that the network address parts of the first and the second IP address matches, and to deny accessing the content.
7. The access control method according to claim 6, further comprising determining whether or not the first IP address is a private IP address of class A, B, or C,
wherein the access to the content server is permitted when determined that the first IP address is a private IP address of class A, B, or C, and is denied when determined otherwise.
8. The access control method according to claim 6, further comprising:
acquiring a third IP address assigned to the content server; and
determining whether or not the third IP address matches with the first IP address,
wherein the access to the content server is permitted when determined that the third IP address matches with the first IP address, and is denied when determined otherwise.
9. The access control method according to claim 6, further comprising:
receiving content stored in the content server;
performing signal processing to display the received content; and
displaying the content.
10. The access control method according to claim 9, wherein when the access to the content server is denied, an image indicating that the access to the content is denied is displayed.
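
The three determinations recited in claims 6 to 8 (network address match, private address check, content/server address match), combined into one client-side routine as an added example; this is not code from the patent. The subnet mask argument, the rule that a URI without a dotted IPv4 host is denied, and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Private IPv4 blocks of class A, B and C (RFC 1918). ipaddress's is_private
# is broader (loopback, link-local, ...), so the three blocks are listed.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def content_ip_from_uri(uri):
    """Return the IPv4 literal in the URI host part, or None."""
    try:
        host = urlsplit(uri).hostname      # strips userinfo and port
        return ipaddress.IPv4Address(host) if host else None
    except ValueError:                     # host name, IPv6, integer form
        return None


def check_access(content_uri, appliance_ip, appliance_mask, server_ip):
    """Apply the three determinations in turn; return (permitted, reason)."""
    content_ip = content_ip_from_uri(content_uri)
    if content_ip is None:
        # Assumption: a URI without a dotted IPv4 host is denied.
        return False, "no IPv4 address in URI"
    # Network address parts of content IP and appliance IP must match.
    local_net = ipaddress.ip_network(f"{appliance_ip}/{appliance_mask}",
                                     strict=False)
    if content_ip not in local_net:
        return False, "different network"
    # Content IP must be a private address.
    if not any(content_ip in net for net in PRIVATE_NETS):
        return False, "not a private address"
    # Content IP must be the address of the server that supplied the URI.
    if content_ip != ipaddress.IPv4Address(server_ip):
        return False, "content/server address mismatch"
    return True, "permitted"


# Constructed sample cases: (content URI, appliance IP, mask, server IP).
HOME = ("192.168.0.5", "255.255.255.0", "192.168.0.10")
SAMPLES = [
    ("http://192.168.0.10:8080/media/1.mpg", *HOME),   # local server
    ("http://198.51.100.7/a.mpg", *HOME),              # Internet server
    ("http://192.168.0.77/a.mpg", *HOME),              # other local host
    ("http://192.168.0.10@198.51.100.7/a.mpg", *HOME), # userinfo decoy
    ("http://3232235530/a.mpg", *HOME),                # integer-form host
    # Appliance holding a global address (router acting as a hub).
    ("http://203.0.113.30/a.mpg", "203.0.113.20", "255.255.255.0",
     "203.0.113.30"),
]

if __name__ == "__main__":
    for uri, ip, mask, srv in SAMPLES:
        print(uri, "->", check_access(uri, ip, mask, srv))
```

The last sample passes the network address match and is rejected only by the private address check, which is why the determinations are combined rather than used singly.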
US11/402,963 2005-04-15 2006-04-13 Information appliance and access control method Expired - Fee Related US7600043B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JPP.2005-118598 2005-04-15
JP2005118598A JP4568155B2 (en) 2005-04-15 2005-04-15 Access control apparatus and access control method

Publications (2)

Publication Number Publication Date
US20060235982A1 true US20060235982A1 (en) 2006-10-19
US7600043B2 US7600043B2 (en) 2009-10-06

Family

ID=37078160

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/402,963 Expired - Fee Related US7600043B2 (en) 2005-04-15 2006-04-13 Information appliance and access control method

Country Status (3)

Country Link
US (1) US7600043B2 (en)
JP (1) JP4568155B2 (en)
CN (1) CN100440840C (en)


Also Published As

Publication number Publication date
JP4568155B2 (en) 2010-10-27
JP2006303617A (en) 2006-11-02
US7600043B2 (en) 2009-10-06
CN1848789A (en) 2006-10-18
CN100440840C (en) 2008-12-03

Legal Events

Date Code Title Description
AS Assignment

Owner name: KABUSHIKI KAISHA TOSHIBA, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KOSHINO, NAOZUMI;REEL/FRAME:017788/0522

Effective date: 20060323

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 4

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.)

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20171006